Multiple radius servers & RADONLINE table
Gordon Smith
gordon at morenet.net.nz
Tue Jan 29 15:10:39 CST 2002
Hi Hugh,
I'm setting up 2 radius servers that talk to a backend database (MySQL) on a
separate box.
Problem is, for some reason the local RADONLINE table is updated, which I
don't want, as the user can be processed by either radius server. I want the
sessions to be checked against the backend DB, which I thought was
configured with the SessionDatabase attribute.
Can you shed some light on this for me? The goal is to have both front end
servers checking the back end radonline table for enforcing simultaneous use
policies.
Cheers,
Gordon
This is the relevent config:
<AuthBy SQL>
Identifier AcctSQL
DBSource dbi:mysql:radmin:d3.morenet.net.nz
DBUsername xxxx
DBAuth zzzzzz
AuthSelect
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef CALLERID,Calling-Station-Id
</AuthBy>
<AuthBy RADMIN>
Identifier AuthSQL
DBSource dbi:mysql:radmin
DBUsername xxx
DBAuth zzz
AddToReply \
Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP,\
Service-Type = Framed-User,\
Session-Timeout = 14400,\
Idle-Timeout = 900,\
Ascend-Client-Primary-DNS = 210.185.31.4,\
Ascend-Client-Secondary-DNS = 210.185.31.5
</AuthBy>
<SessionDatabase SQL>
Identifier SessSQL
DBSource dbi:mysql:radmin:d3.morenet.net.nz
DBUsername xxx
DBAuth zzz
</SessionDatabase>
<AuthLog SQL>
Identifier logAuth
DBSource dbi:mysql:radmin:d3.morenet.net.nz
DBUsername radmin
DBAuth radminpw
Table AUTH_LOG
LogSuccess 0
LogFailure 1
SuccessQuery INSERT INTO AUTH_LOG \
(ACCESS_OK,TIME_STAMP,USERNAME,SEVERITY,REASON) \
VALUES \
('OK','%t','%n','%0','%1')
FailureQuery INSERT INTO AUTH_LOG \
(ACCESS_OK,TIME_STAMP,USERNAME,SEVERITY,REASON) \
VALUES \
('NO','%t','%n','%0','%1')
</AuthLog>
<Realm infogen.net.nz>
AuthByPolicy ContinueAlways
AuthBy AcctSQL
AuthBy AuthSQL
AuthLog logAuth
SessionDatabase SessSQL
</Realm>
<Realm morenet.net.nz>
AuthByPolicy ContinueAlways
AuthBy AcctSQL
AuthBy AuthSQL
AuthLog logAuth
SessionDatabase SessSQL
</Realm>
-------------------------------------------------------
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list